Week 33 In Review – 2016

DefCon Event
Council of 9 ventured forth to DEFCON 24 to compete in this year’s badge challenge, brought to us each year by 1o57. There was determination among the team to win at DC24 to ensure that last year’s win was not a fluke. After many sleepless nights in Vegas, we emerged victorious for a second year in a row.

Northsec 2016 Conference – www.youtube.com
NorthSec is the biggest applied security event in Canada, aimed at raising the knowledge and technical expertise of professionals and students alike.
We are determined to create a high-quality security forum composed of a two-day, single-track conference by the brightest in their field of expertise, followed by an intense 48-hour on-site CTF contest.

Resources

Black Hat 2016
Just a few days ago I had a blast again at this year’s Black Hat. Some of the talks were really worth listening to, so I wanted to point them out and give a short summary.

101 Ways to Brick your Hardware – www.grandideastudio.com
Spend some time hacking hardware and you’ll eventually render a piece of equipment unusable. This presentation provides examples of common mistakes that can temporarily or permanently damage electronic systems and ways to recover, if possible.

The Binwalk Firmware Analysis Tool – www.basicinputoutput.com
I’ve recently been experimenting with a wicked-fun tool you may find useful called Binwalk: a “fast, easy to use tool for analyzing and extracting firmware images” including, but not limited to, UEFI images.

Datasploit – github.com
A tool to perform various OSINT techniques, aggregate all the raw data, visualise it on a dashboard, and facilitate alerting and monitoring on the data.

WSSAT – Web Service Security Assessment Tool – github.com
WSSAT is an open source web service security scanning tool which provides a dynamic environment to add, update or delete vulnerabilities by just editing its configuration files.

Techniques

DefCon 24 Badge – i.crave.beer
Having a few years' experience in product development, most of what Joe was saying wasn’t new to me, but the tools and techniques he presented in reversing unknown hardware were well received. Which leads me to the entire point of this post. Defcon 24 featured an electronic badge for attendees that allowed me to practice some of my new skills in reversing the circuit.

Almost every Volkswagen sold since 1995 can be unlocked with an Arduino – arstechnica.com
Over at Wired, Andy Greenberg reports that security researchers have discovered how to use software defined radio (SDR) to remotely unlock hundreds of millions of cars. The findings are to be presented at a security conference later this week and detail two different vulnerabilities.
